Imports System
Imports Microsoft.VisualBasic
  Partial Class logIn_aspx_vb
    Inherits System.Web.UI.Page
    Public Conn As Object ' ADODB.Connection
    Public RecSet As Object ' ADODB.Recordset
    Public username As String 
    Public password As String 
    Public pwd As Object ' System.Object
    Public userID As Object ' System.Object
    Public userTypeID As Object ' System.Object
    Public mobileGUI As Object 
    Public Sub Page_Load(_sender As Object, _e As EventArgs)
        Response.Buffer = true
        Session.LCID = 1053
        username = Request.Form("username")
        password = Request.Form("password")
        mobileGUI = Request.QueryString("mobileGUI")
        mobileGUI = CLng(mobileGUI)
        If Len(username) > 0 Then 
            username = Trim(username)
            username = Replace(username, " ", "")
            username = Replace(username, "'", "")
            username = Replace(username, """", "")
            username = Replace(username, "<", "")
            username = Replace(username, ">", "")
            username = Replace(username, "=", "")
        End IF
        If Len(password) > 0 Then 
            password = Trim(password)
            password = Replace(password, " ", "")
            password = Replace(password, "'", "")
            password = Replace(password, """", "")
            password = Replace(password, "<", "")
            password = Replace(password, ">", "")
            password = Replace(password, "=", "")
        End IF
        If Len(username) > 0 Then 
            If Len(password) > 0 Then 
                Conn = New ADODB.ConnectionClass()

                Dim constring As String

                constring = ConfigurationManager.ConnectionStrings("DatabaseConnection").ConnectionString
                Conn.Open(constring)
                RecSet = Conn.Execute("Select pwd, userID, userTypeID From tblUser Where usr = '" & username & "'")
                If RecSet.EOF Then 
                    Response.Redirect("default.aspx?error=1")
                Else
                    pwd = RecSet.Fields("pwd").Value
                    userID = RecSet.Fields("userID").Value
                    userTypeID = RecSet.Fields("userTypeID").Value
                    password = Trim(password)
                    password = Replace(password, " ", "")
                    password = Replace(password, "'", "")
                    password = Replace(password, """", "")
                    password = Replace(password, "<", "")
                    password = Replace(password, ">", "")
                    password = Replace(password, "=", "")
                    If LCase(password) = LCase(pwd) Then
                        FormsAuthentication.SetAuthCookie("test", True)
                        Session.Add("fragusLeasingUserID", userID)
                        Session.Add("fragusLeasingUserTypeID", userTypeID)
                        Session.Add("mobileGUI", mobileGUI)
                        Session.Timeout = 120
                        Response.Redirect("userInside.aspx")
                    Else
                        Response.Redirect("default.aspx?error=2")
                    End If
                End IF
                RecSet.Close()
                RecSet = Nothing
                Conn.Close()
                Conn = Nothing
            Else
                Response.Redirect("default.aspx?error=3")
            End IF
        Else
            Response.Redirect("default.aspx?error=4")
        End IF
    End Sub


  End Class
